June 27, 2018

Wireshark

I find this useful on my Fedora Linux system.

The first confusing business is installing it (followed by invoking it). For some reason, installing the wireshark package alone is only part of the story. Do a "dnf list wireshark*" to get a list of packages to ponder.

dnf install wireshark-gtk
You can typically find it in some pull down menu, but then you are faced with the dilemma that you need to run it as root, so forget that. Run it from the command line as follows:
su
wireshark-gtk
It used to always scold and warn you about running it as root, but thankfully those days seem to be over. There is no way to run it, except as root as near as I can tell, so this was just impertinent annoyance that (as you can see) I still grind my axe about.

Next select an interface (typically eno1 on my system), and set a capture filter. This is where things get interesting. You can look at all the traffic on an interface, and this can be interesting (maybe even useful?), but in general you want to restrict what packets you see in some way. So bring up capture options and set a capture filter. Here are some examples. Note that you can combine filter primitives with "and" and "or" to build more specific capture filters. To see only DNS traffic, use one of the following filters.

port 53
udp port 53
To see all traffic to and from a given host, use one of:
host 192.168.0.77
ip host 192.168.0.77
Once you have selected the interface and set a capture filter if desired, click on "Start" and away you go.

Note that there are both capture filters and display filters. I essentially never use display filters. They have a different syntax, which is endlessly annoying. For example, to select only UDP packets on port 53 (the display-filter counterpart of the "udp port 53" capture filter above):

udp.port eq 53
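The two syntaxes side by side, as an added example that is not from the original post: a small Python translator from capture-filter primitives (host, port, with an optional tcp/udp/ip qualifier, joined by and/or) to the equivalent display-filter expression. It assumes IPv4 addresses only, and the function names are my own.

```python
import re

# Added example (not from the post): translate a small subset of capture-filter
# (BPF/tcpdump) syntax into Wireshark display-filter syntax, so the two
# dialects can be compared side by side. Assumes IPv4 hosts only.

_IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


def primitive_to_display(prim: str) -> str:
    """Translate one capture-filter primitive such as 'udp port 53' or
    'host 192.168.0.77' (no and/or) into its display-filter equivalent."""
    words = prim.strip().lower().split()
    proto = None
    if words and words[0] in ("tcp", "udp", "ip"):
        proto = words.pop(0)          # optional protocol qualifier
    if len(words) != 2:
        raise ValueError(f"unsupported capture primitive: {prim!r}")
    kind, value = words
    if kind == "port":
        if not value.isdigit() or int(value) > 65535:
            raise ValueError(f"bad port number: {value!r}")
        if proto in ("tcp", "udp"):
            return f"{proto}.port == {value}"
        # a bare 'port 53' matches TCP and UDP; the display filter must spell that out
        return f"(tcp.port == {value} or udp.port == {value})"
    if kind == "host":
        if not _IPV4.match(value):
            raise ValueError(f"bad IPv4 address: {value!r}")
        return f"ip.addr == {value}"  # Wireshark also accepts 'eq' in place of '=='
    raise ValueError(f"unsupported capture primitive: {prim!r}")


def capture_to_display(capture_filter: str) -> str:
    """Translate a capture filter whose primitives are joined by and/or."""
    parts = re.split(r"\s+(and|or)\s+", capture_filter.strip(), flags=re.IGNORECASE)
    return " ".join(
        p.lower() if p.lower() in ("and", "or") else primitive_to_display(p)
        for p in parts
    )


if __name__ == "__main__":
    for f in ("port 53", "udp port 53", "host 192.168.0.77",
              "host 192.168.0.77 and udp port 53"):
        print(f"capture: {f:40} display: {capture_to_display(f)}")
```

Feeding it display-filter text such as "udp.port eq 53" raises ValueError, which is exactly the mix-up the two syntaxes invite.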

Have any comments? Questions? Drop me a line!

Adventures in Computing / tom@mmto.org